Re-use of Persistent Identifiers
Posted on Monday, 14 January 2008
The UK Access Management Federation for Education and Research ('the federation') provides a mechanism for Service Providers to manage the risk of unauthorised disclosure of their content and of any information which they store about their users.
The federation's "user accountability" provisions (to which the majority of identity providers already subscribe) require every conforming Identity Provider to ensure that there is a gap of at least two years between any re-use of the same locally-assigned persistent identifier by different individual users. The choice of a two year fallow period allows a member of staff or student to be on sabbatical for one year without losing access to their stored data. Since Service Providers should, in any case, be purging personal information associated with unused identifiers to comply with the Data Protection Act 1998, a service provider that purges after an identifier has been unused for, say, eighteen months can be confident of avoiding problems that might arise from identifier reuse.
This mechanism protects against the same threats as would be addressed by annual re-registration of users, but at much lower cost to the Service Provider and the Identity Provider. The federation's clear definition of the behaviour required in this respect by both Identity Providers and Service Providers also eliminates risks which can arise from requirements that may be subject to different interpretations or implementations by the two sides.
The user accountability requirements are given in section 6 of the federation's Rules of Membership; their implications are discussed in section 3.2.2 of the Recommendations for Use of Personal Data. Edited by SteveGlover on 14 January 2008, at 11:00 AM